diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index de6fdc4d7c..45e44008c4 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon @@ -625,11 +625,6 @@ parameters: count: 1 path: src/bundle/Core/DependencyInjection/Compiler/RouterPass.php - - - message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\DependencyInjection\\\\Compiler\\\\SecurityPass\\:\\:process\\(\\) has no return type specified\\.$#" - count: 1 - path: src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php - - message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\DependencyInjection\\\\Compiler\\\\SessionConfigurationPass\\:\\:process\\(\\) has no return type specified\\.$#" count: 1 @@ -3320,16 +3315,6 @@ parameters: count: 1 path: src/bundle/Core/Fragment/InlineFragmentRenderer.php - - - message: "#^Call to an undefined method Symfony\\\\Component\\\\DependencyInjection\\\\Extension\\\\ExtensionInterface\\:\\:addSecurityListenerFactory\\(\\)\\.$#" - count: 1 - path: src/bundle/Core/IbexaCoreBundle.php - - - - message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\IbexaCoreBundle\\:\\:build\\(\\) has no return type specified\\.$#" - count: 1 - path: src/bundle/Core/IbexaCoreBundle.php - - message: "#^Method Ibexa\\\\Bundle\\\\Core\\\\Imagine\\\\AliasCleaner\\:\\:removeAliases\\(\\) has no return type specified\\.$#" count: 1 
@@ -12225,21 +12210,6 @@ parameters: count: 1 path: src/lib/MVC/Symfony/Routing/UrlWildcardRouter.php - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setConfigResolver\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setPermissionResolver\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php - - - - message: "#^Parameter \\#3 \\$firewallName of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\DetermineTargetUrlEvent constructor expects string, string\\|null given\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\RememberMeRepositoryAuthenticationProvider\\:\\:setPermissionResolver\\(\\) has no return type specified\\.$#" count: 1 
@@ -12325,31 +12295,6 @@ parameters: count: 1 path: src/lib/MVC/Symfony/Security/Authorization/Voter/ValueObjectVoter.php - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:__construct\\(\\) has parameter \\$fragmentPath with no type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:checkSiteAccessPermission\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:isMasterRequest\\(\\) has parameter \\$requestType with no type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:onInteractiveLogin\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener\\:\\:onKernelRequest\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Exception\\\\UnauthorizedSiteAccessException\\:\\:__construct\\(\\) has parameter \\$username with no type specified\\.$#" count: 1 
@@ -12395,26 +12340,6 @@ parameters: count: 1 path: src/lib/MVC/Symfony/Security/InteractiveLoginToken.php - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:__construct\\(\\) has parameter \\$roles with no value type specified in iterable type array\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/User.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:eraseCredentials\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/User.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:getSalt\\(\\) should return string but returns null\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/User.php - - - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\:\\:setAPIUser\\(\\) has no return type specified\\.$#" - count: 1 - path: src/lib/MVC/Symfony/Security/User.php - - message: "#^Method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\User\\\\EmailProvider\\:\\:loadUserByUsername\\(\\) has parameter \\$user with no type specified\\.$#" count: 1 
@@ -47275,16 +47200,6 @@ parameters: count: 1 path: tests/lib/MVC/Symfony/Routing/UrlAliasRouterTest.php - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProviderTest\\:\\:testAuthenticate\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php - - - - message: "#^Parameter \\#1 \\$configResolver of method Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\AnonymousAuthenticationProvider\\:\\:setConfigResolver\\(\\) expects Ibexa\\\\Contracts\\\\Core\\\\SiteAccess\\\\ConfigResolverInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\Authentication\\\\DefaultAuthenticationSuccessHandlerTest\\:\\:testSetConfigResolver\\(\\) has no return type specified\\.$#" count: 1 
@@ -47395,111 +47310,6 @@ parameters: count: 1 path: tests/lib/MVC/Symfony/Security/Authentication/RepositoryAuthenticationProviderTest.php - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:generateListener\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessNoSiteAccess\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessNotEzUser\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessPermissionDenied\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testCheckSiteAccessPermissionGranted\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testGetSubscribedEvents\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method 
Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLogin\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLoginAlreadyEzUser\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnInteractiveLoginNotUserObject\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestAccessDenied\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestAccessGranted\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestLoginRoute\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestNoSiteAccess\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - 
message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestNullToken\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestSubRequest\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:testOnKernelRequestSubRequestFragment\\(\\) has no return type specified\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Parameter \\#3 \\$configResolver of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Ibexa\\\\Contracts\\\\Core\\\\SiteAccess\\\\ConfigResolverInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Parameter \\#4 \\$eventDispatcher of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\EventDispatcher\\\\EventDispatcherInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Parameter \\#5 \\$tokenStorage of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\Security\\\\Core\\\\Authentication\\\\Token\\\\Storage\\\\TokenStorageInterface, 
PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface given\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Parameter \\#6 \\$authorizationChecker of class Ibexa\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListener constructor expects Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface, PHPUnit\\\\Framework\\\\MockObject\\\\MockObject given\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - - - message: "#^Property Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\EventListener\\\\SecurityListenerTest\\:\\:\\$tokenStorage \\(PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authorization\\\\AuthorizationCheckerInterface\\) does not accept PHPUnit\\\\Framework\\\\MockObject\\\\MockObject&Symfony\\\\Component\\\\Security\\\\Core\\\\Authentication\\\\Token\\\\Storage\\\\TokenStorageInterface\\.$#" - count: 1 - path: tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php - - message: "#^Method Ibexa\\\\Tests\\\\Core\\\\MVC\\\\Symfony\\\\Security\\\\HttpUtilsTest\\:\\:checkRequestPathProvider\\(\\) has no return type specified\\.$#" count: 1 diff --git a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php index 5cd9ed7008..f9bebe9952 100644 --- a/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php +++ b/src/bundle/Core/DependencyInjection/Compiler/SecurityPass.php 
@@ -7,12 +7,9 @@ namespace Ibexa\Bundle\Core\DependencyInjection\Compiler; use Ibexa\Contracts\Core\Repository\PermissionResolver; -use Ibexa\Contracts\Core\Repository\UserService; -use Ibexa\Core\MVC\Symfony\Security\Authentication\AnonymousAuthenticationProvider; use Ibexa\Core\MVC\Symfony\Security\Authentication\DefaultAuthenticationSuccessHandler; use Ibexa\Core\MVC\Symfony\Security\Authentication\GuardRepositoryAuthenticationProvider; use Ibexa\Core\MVC\Symfony\Security\Authentication\RememberMeRepositoryAuthenticationProvider; -use Ibexa\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider; use Ibexa\Core\MVC\Symfony\Security\HttpUtils; use Ibexa\Core\MVC\Symfony\SiteAccess; use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; 
@@ -21,52 +18,25 @@ /** * Security related compiler pass. - * Manipulates Symfony core security services to adapt them to eZ security needs. + * Manipulates Symfony core security services to adapt them to Ibexa security needs. */ -class SecurityPass implements CompilerPassInterface +final class SecurityPass implements CompilerPassInterface { - public const CONSTANT_AUTH_TIME_SETTING = 'ibexa.security.authentication.constant_auth_time'; + public const string CONSTANT_AUTH_TIME_SETTING = 'ibexa.security.authentication.constant_auth_time'; - public const CONSTANT_AUTH_TIME_DEFAULT = 1.0; + public const float CONSTANT_AUTH_TIME_DEFAULT = 1.0; - public function process(ContainerBuilder $container) + public function process(ContainerBuilder $container): void { - if (!($container->hasDefinition('security.authentication.provider.dao') && - $container->hasDefinition('security.authentication.provider.rememberme') && - $container->hasDefinition('security.authentication.provider.guard') && - $container->hasDefinition('security.authentication.provider.anonymous'))) { + if ( + !$container->hasDefinition('security.authentication.provider.rememberme') || + !$container->hasDefinition('security.authentication.provider.guard') + ) { return; } $configResolverRef = new Reference('ibexa.config.resolver'); $permissionResolverRef = new Reference(PermissionResolver::class); - $userServiceRef = new Reference(UserService::class); - $loggerRef = new Reference('logger'); - - // Override and inject the Repository in the authentication provider. 
- // We need it for checking user credentials - $daoAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.dao'); - $daoAuthenticationProviderDef->setClass(RepositoryAuthenticationProvider::class); - $daoAuthenticationProviderDef->addMethodCall( - 'setPermissionResolver', - [$permissionResolverRef] - ); - $daoAuthenticationProviderDef->addMethodCall( - 'setUserService', - [$userServiceRef] - ); - $daoAuthenticationProviderDef->addMethodCall( - 'setConstantAuthTime', - [ - $container->hasParameter(self::CONSTANT_AUTH_TIME_SETTING) ? - (float)$container->getParameter(self::CONSTANT_AUTH_TIME_SETTING) : - self::CONSTANT_AUTH_TIME_DEFAULT, - ] - ); - $daoAuthenticationProviderDef->addMethodCall( - 'setLogger', - [$loggerRef] - ); $rememberMeAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.rememberme'); $rememberMeAuthenticationProviderDef->setClass(RememberMeRepositoryAuthenticationProvider::class); @@ -82,18 +52,6 @@ public function process(ContainerBuilder $container) [$permissionResolverRef] ); - $anonymousAuthenticationProviderDef = $container->findDefinition('security.authentication.provider.anonymous'); - $anonymousAuthenticationProviderDef->setClass(AnonymousAuthenticationProvider::class); - $anonymousAuthenticationProviderDef->addMethodCall( - 'setPermissionResolver', - [$permissionResolverRef] - ); - - $anonymousAuthenticationProviderDef->addMethodCall( - 'setConfigResolver', - [$configResolverRef] - ); - if (!$container->hasDefinition('security.http_utils')) { return; } @@ -119,7 +77,9 @@ public function process(ContainerBuilder $container) 'setEventDispatcher', [new Reference('event_dispatcher')] ); + $successHandlerDef->addMethodCall( + 'setPermissionResolver', + [$permissionResolverRef] + ); } } - -class_alias(SecurityPass::class, 'eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Compiler\SecurityPass'); 
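Review bot: `CONSTANT_AUTH_TIME_SETTING` and `CONSTANT_AUTH_TIME_DEFAULT` are kept (and now typed) at the top of `SecurityPass`, but the only code in `process()` that read them, the `setConstantAuthTime` call on the dao provider, is removed in this hunk. Nothing visible in this diff applies the constant-time padding any more. Unless the replacement authenticator reads `ibexa.security.authentication.constant_auth_time` somewhere else, failed logins may again take a measurably different time for existing and non-existing accounts. Either document where the setting is consumed now, e.g. `/** Read by <authenticator class>; pads credential checks to a constant duration. */`, or mark both constants `@deprecated` if the feature is being dropped.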
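Review bot: The added `setPermissionResolver` call on `$successHandlerDef` is reached only when `process()` gets past both early returns. The rewritten check at the top requires `security.authentication.provider.rememberme` and `security.authentication.provider.guard`, and the later one requires `security.http_utils`. `DefaultAuthenticationSuccessHandler::onAuthenticationSuccess()` in this same commit skips `setCurrentUserReference()` when the resolver was never injected, so a container without the guard provider would complete the login while the repository keeps its previous current user, with no error. The success-handler wiring does not use either provider definition, so wrap the rememberme/guard block in its own `if` instead of returning from the method. The lines between this hunk and the previous one are not visible here, so confirm no further return sits in between.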
diff --git a/src/bundle/Core/DependencyInjection/Security/HttpBasicFactory.php b/src/bundle/Core/DependencyInjection/Security/HttpBasicFactory.php deleted file mode 100644 index ee4170d6ce..0000000000 --- a/src/bundle/Core/DependencyInjection/Security/HttpBasicFactory.php +++ /dev/null @@ -1,24 +0,0 @@ -addCompilerPass(new GenericFieldTypeConverterPass(), PassConfig::TYPE_OPTIMIZE); @@ -91,15 +93,13 @@ public function build(ContainerBuilder $container) $container->addCompilerPass(new RoleLimitationConverterPass()); $container->addCompilerPass(new QueryTypePass()); - $securityExtension = $container->getExtension('security'); - $securityExtension->addSecurityListenerFactory(new HttpBasicFactory()); $container->addCompilerPass(new TranslationCollectorPass()); $container->addCompilerPass(new SlugConverterConfigurationPass()); $container->registerForAutoconfiguration(VariableProvider::class)->addTag('ezplatform.view.variable_provider'); } - public function getContainerExtension() + public function getContainerExtension(): ?ExtensionInterface { if (!isset($this->extension)) { $this->extension = new IbexaCoreExtension( @@ -136,5 +136,3 @@ public function getContainerExtension() return $this->extension; } } - -class_alias(IbexaCoreBundle::class, 'eZ\Bundle\EzPublishCoreBundle\EzPublishCoreBundle'); diff --git a/src/bundle/Core/Resources/config/security.yml b/src/bundle/Core/Resources/config/security.yml index 3d96abf9cb..024a4d1e30 100644 --- a/src/bundle/Core/Resources/config/security.yml +++ b/src/bundle/Core/Resources/config/security.yml 
@@ -40,19 +40,6 @@ services: class: Ibexa\Core\MVC\Symfony\Controller\SecurityController arguments: ["@twig", '@ibexa.config.resolver', "@security.authentication_utils"] - Ibexa\Core\MVC\Symfony\Security\EventListener\SecurityListener: - class: Ibexa\Core\MVC\Symfony\Security\EventListener\SecurityListener - arguments: - - '@Ibexa\Contracts\Core\Repository\PermissionResolver' - - '@Ibexa\Contracts\Core\Repository\UserService' - - '@ibexa.config.resolver' - - "@event_dispatcher" - - "@security.token_storage" - - "@security.authorization_checker" - - "%fragment.path%" - tags: - - { name: kernel.event_subscriber } - ibexa.security.user_provider: '@Ibexa\Core\MVC\Symfony\Security\User\UsernameProvider' ibexa.security.user_provider.username: '@Ibexa\Core\MVC\Symfony\Security\User\UsernameProvider' ibexa.security.user_provider.email: '@Ibexa\Core\MVC\Symfony\Security\User\EmailProvider' diff --git a/src/lib/.gitkeep b/src/lib/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php b/src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php deleted file mode 100644 index eb50be4155..0000000000 --- a/src/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProvider.php +++ /dev/null @@ -1,42 +0,0 @@ -configResolver = $configResolver; - } - - public function setPermissionResolver(PermissionResolver $permissionResolver) - { - $this->permissionResolver = $permissionResolver; - } - - public function authenticate(TokenInterface $token) - { - $token = parent::authenticate($token); - $this->permissionResolver->setCurrentUserReference(new UserReference($this->configResolver->getParameter('anonymous_user_id'))); - - return $token; - } -} - -class_alias(AnonymousAuthenticationProvider::class, 'eZ\Publish\Core\MVC\Symfony\Security\Authentication\AnonymousAuthenticationProvider'); 
diff --git a/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php b/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php index bbd684225a..583c551e82 100644 --- a/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php +++ b/src/lib/MVC/Symfony/Security/Authentication/DefaultAuthenticationSuccessHandler.php @@ -4,19 +4,27 @@ * @copyright Copyright (C) Ibexa AS. All rights reserved. * @license For full copyright and license information view LICENSE file distributed with this source code. */ +declare(strict_types=1); + namespace Ibexa\Core\MVC\Symfony\Security\Authentication; +use Ibexa\Contracts\Core\Repository\PermissionResolver; use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface; +use Ibexa\Core\MVC\Symfony\Security\UserInterface; use Psr\EventDispatcher\EventDispatcherInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationSuccessHandler as BaseSuccessHandler; -class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler +final class DefaultAuthenticationSuccessHandler extends BaseSuccessHandler { private EventDispatcherInterface $eventDispatcher; private ConfigResolverInterface $configResolver; + private PermissionResolver $permissionResolver; + /** * Injects the ConfigResolver to potentially override default_target_path for redirections after authentication success. */ 
@@ -30,7 +38,22 @@ public function setEventDispatcher(EventDispatcherInterface $eventDispatcher): v $this->eventDispatcher = $eventDispatcher; } - protected function determineTargetUrl(Request $request) + public function setPermissionResolver(PermissionResolver $permissionResolver): void + { + $this->permissionResolver = $permissionResolver; + } + + public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response + { + $user = $token->getUser(); + if ($user instanceof UserInterface && isset($this->permissionResolver)) { + $this->permissionResolver->setCurrentUserReference($user->getAPIUser()); + } + + return parent::onAuthenticationSuccess($request, $token); + } + + protected function determineTargetUrl(Request $request): string { if (isset($this->configResolver)) { $defaultPage = $this->configResolver->getParameter('default_page'); @@ -40,7 +63,12 @@ protected function determineTargetUrl(Request $request) } if (isset($this->eventDispatcher)) { - $event = new DetermineTargetUrlEvent($request, $this->options, $this->getFirewallName()); + $event = new DetermineTargetUrlEvent( + $request, + $this->options, + $this->getFirewallName() ?? '' + ); + $this->eventDispatcher->dispatch($event); $this->options = $event->getOptions(); @@ -49,5 +77,3 @@ protected function determineTargetUrl(Request $request) return parent::determineTargetUrl($request); } } - -class_alias(DefaultAuthenticationSuccessHandler::class, 'eZ\Publish\Core\MVC\Symfony\Security\Authentication\DefaultAuthenticationSuccessHandler'); diff --git a/src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php b/src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php deleted file mode 100644 index b836339099..0000000000 --- a/src/lib/MVC/Symfony/Security/EventListener/SecurityListener.php +++ /dev/null 
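Review bot: `onAuthenticationSuccess()` sets the repository user only when the token user is an Ibexa `UserInterface`; any other user falls through to the parent without touching the repository. The `SecurityListener` deleted in this commit handled those cases explicitly: `onInteractiveLogin` mapped a foreign user to an API user (anonymous by default), and `checkSiteAccessPermission` / `onKernelRequest` threw `UnauthorizedSiteAccessException` when `user/login` was not granted on the SiteAccess. No replacement for the SiteAccess check is visible in this diff, so confirm it lives elsewhere; if it does not, a user without login permission on the current SiteAccess is no longer rejected. The method also has no docblock; something like `/** Sets the repository's current user for Ibexa users only; SiteAccess login permission is enforced by <listener class>. */` would record the contract.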
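Review bot: `$this->getFirewallName() ?? ''` in `determineTargetUrl()` satisfies the `string` parameter of `DetermineTargetUrlEvent` by passing an empty name, which a listener cannot tell apart from a real firewall. A listener that chooses the post-login redirect per firewall would then take whichever branch matches `''`. Prefer widening the event's `$firewallName` to `?string`, or skipping the dispatch when the name is null. If the empty string is intended, state it next to the call, e.g. `// a null firewall name is passed to listeners as ''`. The body of `determineTargetUrl()` starts before this hunk.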
@@ -1,253 +0,0 @@ -permissionResolver = $permissionResolver; - $this->userService = $userService; - $this->configResolver = $configResolver; - $this->eventDispatcher = $eventDispatcher; - $this->tokenStorage = $tokenStorage; - $this->authorizationChecker = $authorizationChecker; - $this->fragmentPath = $fragmentPath; - } - - public static function getSubscribedEvents() - { - return [ - SecurityEvents::INTERACTIVE_LOGIN => [ - ['onInteractiveLogin', 10], - ['checkSiteAccessPermission', 9], - ], - // Priority 7, so that it occurs just after firewall (priority 8) - KernelEvents::REQUEST => ['onKernelRequest', 7], - ]; - } - - /** - * Tries to retrieve a valid Ibexa user if authenticated user doesn't come from the repository (foreign user provider). - * Will dispatch an event allowing listeners to return a valid Ibexa user for current authenticated user. - * Will by default let the repository load the anonymous user. - * - * @param \Symfony\Component\Security\Http\Event\InteractiveLoginEvent $event - */ - public function onInteractiveLogin(BaseInteractiveLoginEvent $event) - { - $token = $event->getAuthenticationToken(); - $originalUser = $token->getUser(); - if ($originalUser instanceof IbexaUser || !$originalUser instanceof UserInterface) { - return; - } - - /* - * 1. Send the event. - * 2. If no Ibexa user is returned, load Anonymous user. - * 3. Inject Ibexa user in repository. - * 4. Create the UserWrapped user object (implementing Ibexa UserInterface) with loaded Ibexa user. - * 5. Create new token with UserWrapped user - * 6. 
Inject the new token in security context - */ - $subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token); - $this->eventDispatcher->dispatch($subLoginEvent, MVCEvents::INTERACTIVE_LOGIN); - - if ($subLoginEvent->hasAPIUser()) { - $apiUser = $subLoginEvent->getAPIUser(); - } else { - $apiUser = $this->userService->loadUser( - $this->configResolver->getParameter('anonymous_user_id') - ); - } - - $this->permissionResolver->setCurrentUserReference($apiUser); - - $providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__; - $interactiveToken = new InteractiveLoginToken( - $this->getUser($originalUser, $apiUser), - get_class($token), - $token->getCredentials(), - $providerKey, - $token->getRoleNames() - ); - $interactiveToken->setOriginalToken($token); - $interactiveToken->setAttributes($token->getAttributes()); - $this->tokenStorage->setToken($interactiveToken); - } - - /** - * Returns new user object based on original user and provided API user. - * One may want to override this method to use their own user class. - * - * @param \Symfony\Component\Security\Core\User\UserInterface $originalUser - * @param \Ibexa\Contracts\Core\Repository\Values\User\User $apiUser - * - * @return \Ibexa\Core\MVC\Symfony\Security\UserInterface - */ - protected function getUser(UserInterface $originalUser, APIUser $apiUser) - { - return new UserWrapped($originalUser, $apiUser); - } - - /** - * Throws an UnauthorizedSiteAccessException if current user doesn't have permission to current SiteAccess. 
- * - * @param \Symfony\Component\Security\Http\Event\InteractiveLoginEvent $event - * - * @throws \Ibexa\Core\MVC\Symfony\Security\Exception\UnauthorizedSiteAccessException - */ - public function checkSiteAccessPermission(BaseInteractiveLoginEvent $event) - { - $token = $event->getAuthenticationToken(); - $originalUser = $token->getUser(); - $request = $event->getRequest(); - $siteAccess = $request->attributes->get('siteaccess'); - if (!($originalUser instanceof IbexaUser && $siteAccess instanceof SiteAccess)) { - return; - } - - if (!$this->hasAccess($siteAccess)) { - throw new UnauthorizedSiteAccessException($siteAccess, $originalUser->getUsername()); - } - } - - /** - * Throws an UnauthorizedSiteAccessException if current user doesn't have access to current SiteAccess. - * - * @param \Symfony\Component\HttpKernel\Event\RequestEvent $event - * - * @throws \Ibexa\Core\MVC\Symfony\Security\Exception\UnauthorizedSiteAccessException - */ - public function onKernelRequest(RequestEvent $event) - { - $request = $event->getRequest(); - // Ignore sub-requests, including fragments. - if (!$this->isMasterRequest($request, $event->getRequestType())) { - return; - } - - $siteAccess = $request->attributes->get('siteaccess'); - if (!$siteAccess instanceof SiteAccess) { - return; - } - - $token = $this->tokenStorage->getToken(); - if ($token === null) { - return; - } - - if ( - // Leave access to login route, so that user can attempt re-authentication. - $request->attributes->get('_route') !== 'login' - && !$this->hasAccess($siteAccess) - ) { - throw new UnauthorizedSiteAccessException($siteAccess, $token->getUsername()); - } - } - - /** - * Returns true if given request is considered as a master request. - * Fragments are considered as sub-requests (i.e. ESI, Hinclude...). 
- * - * @param \Symfony\Component\HttpFoundation\Request $request - * @param $requestType - * - * @return bool - */ - private function isMasterRequest(Request $request, $requestType) - { - if ( - $requestType !== HttpKernelInterface::MASTER_REQUEST - || substr($request->getPathInfo(), -strlen($this->fragmentPath)) === $this->fragmentPath - ) { - return false; - } - - return true; - } - - /** - * Returns true if current user has access to given SiteAccess. - * - * @param \Ibexa\Core\MVC\Symfony\SiteAccess $siteAccess - * - * @return bool - */ - protected function hasAccess(SiteAccess $siteAccess) - { - return $this->authorizationChecker->isGranted( - new Attribute('user', 'login', ['valueObject' => $siteAccess]) - ); - } -} - -class_alias(SecurityListener::class, 'eZ\Publish\Core\MVC\Symfony\Security\EventListener\SecurityListener'); diff --git a/src/lib/MVC/Symfony/Security/User.php b/src/lib/MVC/Symfony/Security/User.php index 655ec05d6e..b9b5d062d8 100644 --- a/src/lib/MVC/Symfony/Security/User.php +++ b/src/lib/MVC/Symfony/Security/User.php 
@@ -11,19 +11,21 @@ use Ibexa\Contracts\Core\Repository\Values\User\User as APIUser; use Ibexa\Core\Repository\Values\User\UserReference; use Symfony\Component\Security\Core\User\EquatableInterface; +use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface; use Symfony\Component\Security\Core\User\UserInterface as BaseUserInterface; -class User implements ReferenceUserInterface, EquatableInterface +class User implements ReferenceUserInterface, EquatableInterface, PasswordAuthenticatedUserInterface { - /** @var \Ibexa\Contracts\Core\Repository\Values\User\User */ - private $user; + private APIUser $user; - /** @var \Ibexa\Contracts\Core\Repository\Values\User\UserReference */ - private $reference; + private UserReference $reference; /** @var string[] */ - private $roles; + private array $roles; + /** + * @param string[] $roles + */ public function __construct(APIUser $user, array $roles = []) { $this->user = $user; @@ -45,9 +47,9 @@ public function __construct(APIUser $user, array $roles = []) * and populated in any number of different ways when the user object * is created. * - * @return string[] The user roles + * @return string[] */ - public function getRoles() + public function getRoles(): array { return $this->roles; } @@ -57,10 +59,8 @@ public function getRoles() * * This should be the encoded password. On authentication, a plain-text * password will be salted, encoded, and then compared to this value. - * - * @return string The password */ - public function getPassword() + public function getPassword(): ?string { return $this->getAPIUser()->passwordHash; } 
@@ -69,20 +69,16 @@ public function getPassword()
 * Returns the salt that was originally used to encode the password.
 *
 * This can return null if the password was not encoded using a salt.
- *
- * @return string The salt
 */
- public function getSalt()
+ public function getSalt(): ?string
 {
 return null;
 }

 /**
 * Returns the username used to authenticate the user.
- *
- * @return string The username
 */
- public function getUsername()
+ public function getUsername(): string
 {
 return $this->getAPIUser()->login;
 }
@@ -93,22 +89,16 @@ public function getUsername()
 * This is important if, at any given point, sensitive information like
 * the plain-text password is stored on this object.
 */
- public function eraseCredentials()
+ public function eraseCredentials(): void
 {
 }

- /**
- * @return \Ibexa\Contracts\Core\Repository\Values\User\UserReference
- */
- public function getAPIUserReference()
+ public function getAPIUserReference(): UserReference
 {
 return $this->reference;
 }

- /**
- * @return \Ibexa\Contracts\Core\Repository\Values\User\User
- */
- public function getAPIUser()
+ public function getAPIUser(): APIUser
 {
 if (!$this->user instanceof APIUser) {
 throw new \LogicException(
@@ -119,16 +109,13 @@ public function getAPIUser()
 return $this->user;
 }

- /**
- * @param \Ibexa\Contracts\Core\Repository\Values\User\User $user
- */
- public function setAPIUser(APIUser $user)
+ public function setAPIUser(APIUser $apiUser): void
 {
- $this->user = $user;
- $this->reference = new UserReference($user->getUserId());
+ $this->user = $apiUser;
+ $this->reference = new UserReference($apiUser->getUserId());
 }

- public function isEqualTo(BaseUserInterface $user)
+ public function isEqualTo(BaseUserInterface $user): bool
 {
 // Check for the lighter ReferenceUserInterface first
 if ($user instanceof ReferenceUserInterface) {
@@ -140,7 +127,7 @@ public function isEqualTo(BaseUserInterface $user)
 return false;
 }

- public function __toString()
+ public function __toString(): string
 {
 return $this->getAPIUser()->contentInfo->name;
 }
@@ -150,9 +137,9 @@ public function __toString()
 * (& either way refresh) the user object in {@see \Ibexa\Core\MVC\Symfony\Security\User\BaseProvider::refreshUser}
 * when object wakes back up from session.
 *
- * @return array
+ * @return string[]
 */
- public function __sleep()
+ public function __sleep(): array
 {
 return ['reference', 'roles'];
 }
diff --git a/src/lib/MVC/Symfony/SiteAccess/Router.php b/src/lib/MVC/Symfony/SiteAccess/Router.php
index 1cb57f141e..3c30b62ec1 100644
--- a/src/lib/MVC/Symfony/SiteAccess/Router.php
+++ b/src/lib/MVC/Symfony/SiteAccess/Router.php
@@ -209,11 +209,10 @@ private function doMatch(SimplifiedRequest $request)
 * @param string $siteAccessName
 *
 * @throws \InvalidArgumentException If $siteAccessName is invalid (i.e. not present in configured list).
- *
- * @return \Ibexa\Core\MVC\Symfony\SiteAccess|null
 */
- public function matchByName($siteAccessName)
+ public function matchByName($siteAccessName): ?SiteAccess
 {
+ $siteAccessName = $siteAccessName instanceof SiteAccess ? $siteAccessName->name : $siteAccessName;
 if (!$this->siteAccessProvider->isDefined($siteAccessName)) {
 throw new InvalidArgumentException("Invalid SiteAccess name provided for reverse matching: $siteAccessName");
 }
diff --git a/tests/lib/.gitkeep b/tests/lib/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php b/tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php
deleted file mode 100644
index f9a4a26a3f..0000000000
--- a/tests/lib/MVC/Symfony/Security/Authentication/AnonymousAuthenticationProviderTest.php
+++ /dev/null
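Review bot: In SiteAccess/Router.php, `matchByName()` now accepts a `SiteAccess` object as well as a name, but the parameter stays untyped and the docblock above it still reads `@param string $siteAccessName`. A value that is neither is passed on to `isDefined()` and interpolated into the `InvalidArgumentException` message, so the accepted types should be stated: `@param string|\Ibexa\Core\MVC\Symfony\SiteAccess $siteAccessName`, or a `string|SiteAccess` parameter type if the supported PHP version allows union types. The method body continues past the end of the hunk.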
@@ -1,58 +0,0 @@ -configResolver = $this->createMock(ConfigResolverInterface::class); - $this->permissionResolver = $this->createMock(PermissionResolver::class); - } - - public function testAuthenticate() - { - $anonymousUserId = 10; - $this->configResolver - ->expects($this->once()) - ->method('getParameter') - ->with('anonymous_user_id') - ->will($this->returnValue($anonymousUserId)); - - $this->permissionResolver - ->expects($this->once()) - ->method('setCurrentUserReference') - ->with(new UserReference($anonymousUserId)); - - $key = 'some_key'; - $authProvider = new AnonymousAuthenticationProvider($key); - $authProvider->setPermissionResolver($this->permissionResolver); - $authProvider->setConfigResolver($this->configResolver); - $anonymousToken = $this - ->getMockBuilder(AnonymousToken::class) - ->setConstructorArgs([$key, $this->createMock(UserInterface::class)]) - ->getMockForAbstractClass(); - $this->assertSame($anonymousToken, $authProvider->authenticate($anonymousToken)); - } -} - -class_alias(AnonymousAuthenticationProviderTest::class, 'eZ\Publish\Core\MVC\Symfony\Security\Tests\Authentication\AnonymousAuthenticationProviderTest'); diff --git a/tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php b/tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php deleted file mode 100644 index 1cf8624b4b..0000000000 --- a/tests/lib/MVC/Symfony/Security/EventListener/SecurityListenerTest.php +++ /dev/null 
@@ -1,416 +0,0 @@ -configResolver = $this->createMock(ConfigResolverInterface::class); - $this->eventDispatcher = $this->createMock(EventDispatcherInterface::class); - $this->tokenStorage = $this->createMock(TokenStorageInterface::class); - $this->authChecker = $this->createMock(AuthorizationCheckerInterface::class); - $this->permissionResolver = $this->createMock(PermissionResolver::class); - $this->userService = $this->createMock(UserService::class); - $this->listener = $this->generateListener(); - } - - protected function generateListener() - { - return new SecurityListener( - $this->permissionResolver, - $this->userService, - $this->configResolver, - $this->eventDispatcher, - $this->tokenStorage, - $this->authChecker - ); - } - - public function testGetSubscribedEvents() - { - $this->assertSame( - [ - SecurityEvents::INTERACTIVE_LOGIN => [ - ['onInteractiveLogin', 10], - ['checkSiteAccessPermission', 9], - ], - KernelEvents::REQUEST => ['onKernelRequest', 7], - ], - SecurityListener::getSubscribedEvents() - ); - } - - public function testOnInteractiveLoginAlreadyEzUser() - { - $user = $this->createMock(UserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - $event = new BaseInteractiveLoginEvent(new Request(), $token); - - $this->eventDispatcher - ->expects($this->never()) - ->method('dispatch'); - - $this->listener->onInteractiveLogin($event); - } - - public function testOnInteractiveLoginNotUserObject() - { - $user = 'foobar'; - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - $event = new BaseInteractiveLoginEvent(new Request(), $token); - - $this->eventDispatcher - ->expects($this->never()) - ->method('dispatch'); - - $this->listener->onInteractiveLogin($event); - } - - public function testOnInteractiveLogin() - { - $user = 
$this->createMock(SymfonyUserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - $token - ->expects($this->once()) - ->method('getRoleNames') - ->will($this->returnValue(['ROLE_USER'])); - $token - ->expects($this->once()) - ->method('getAttributes') - ->will($this->returnValue(['foo' => 'bar'])); - - $event = new BaseInteractiveLoginEvent(new Request(), $token); - - $anonymousUserId = 10; - $this->configResolver - ->expects($this->once()) - ->method('getParameter') - ->with('anonymous_user_id') - ->will($this->returnValue($anonymousUserId)); - - $apiUser = $this->createMock(APIUser::class); - $this->userService - ->expects($this->once()) - ->method('loadUser') - ->with($anonymousUserId) - ->will($this->returnValue($apiUser)); - - $this->permissionResolver - ->expects($this->once()) - ->method('setCurrentUserReference') - ->with($apiUser); - - $this->tokenStorage - ->expects($this->once()) - ->method('setToken') - ->with($this->isInstanceOf(InteractiveLoginToken::class)); - - $this->listener->onInteractiveLogin($event); - } - - public function testCheckSiteAccessPermissionDenied() - { - $this->expectException(UnauthorizedSiteAccessException::class); - - $user = $this->createMock(UserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - - $request = new Request(); - $siteAccess = new SiteAccess('test'); - $request->attributes->set('siteaccess', $siteAccess); - - $this->authChecker - ->expects($this->once()) - ->method('isGranted') - ->with($this->equalTo(new Attribute('user', 'login', ['valueObject' => $siteAccess]))) - ->will($this->returnValue(false)); - - $this->listener->checkSiteAccessPermission(new BaseInteractiveLoginEvent($request, $token)); - } - - public function testCheckSiteAccessPermissionGranted() - { - $user = 
$this->createMock(UserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - - $request = new Request(); - $siteAccess = new SiteAccess('test'); - $request->attributes->set('siteaccess', $siteAccess); - - $this->authChecker - ->expects($this->once()) - ->method('isGranted') - ->with($this->equalTo(new Attribute('user', 'login', ['valueObject' => $siteAccess]))) - ->will($this->returnValue(true)); - - // Nothing should happen or should be returned. - $this->listener->checkSiteAccessPermission(new BaseInteractiveLoginEvent($request, $token)); - } - - public function testCheckSiteAccessNotEzUser() - { - $user = $this->createMock(SymfonyUserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - - $request = new Request(); - $siteAccess = new SiteAccess('test'); - $request->attributes->set('siteaccess', $siteAccess); - - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); - - $this->listener->checkSiteAccessPermission(new BaseInteractiveLoginEvent($request, $token)); - } - - public function testCheckSiteAccessNoSiteAccess() - { - $user = $this->createMock(UserInterface::class); - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->once()) - ->method('getUser') - ->will($this->returnValue($user)); - - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); - - $this->listener->checkSiteAccessPermission(new BaseInteractiveLoginEvent(new Request(), $token)); - } - - public function testOnKernelRequestSubRequest() - { - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - new Request(), - HttpKernelInterface::SUB_REQUEST - ); - - $this->tokenStorage - ->expects($this->never()) - ->method('getToken'); - $this->authChecker - ->expects($this->never()) - 
->method('isGranted'); - - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestSubRequestFragment() - { - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - Request::create('/_fragment'), - HttpKernelInterface::MASTER_REQUEST - ); - $this->configResolver - ->expects($this->never()) - ->method('getParameter'); - - $this->tokenStorage - ->expects($this->never()) - ->method('getToken'); - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); - - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestNoSiteAccess() - { - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - new Request(), - HttpKernelInterface::MASTER_REQUEST - ); - - $this->tokenStorage - ->expects($this->never()) - ->method('getToken'); - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); - - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestNullToken() - { - $request = new Request(); - $request->attributes->set('siteaccess', new SiteAccess('test')); - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - $request, - HttpKernelInterface::MASTER_REQUEST - ); - - $this->tokenStorage - ->expects($this->once()) - ->method('getToken') - ->will($this->returnValue(null)); - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); - - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestLoginRoute() - { - $request = new Request(); - $request->attributes->set('siteaccess', new SiteAccess('test')); - $request->attributes->set('_route', 'login'); - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - $request, - HttpKernelInterface::MASTER_REQUEST - ); - - $this->tokenStorage - ->expects($this->once()) - ->method('getToken') - ->will($this->returnValue(null)); - $this->authChecker - ->expects($this->never()) - ->method('isGranted'); 
- - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestAccessDenied() - { - $this->expectException(UnauthorizedSiteAccessException::class); - - $request = new Request(); - $request->attributes->set('siteaccess', new SiteAccess('test')); - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - $request, - HttpKernelInterface::MASTER_REQUEST - ); - - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->any()) - ->method('getUsername') - ->will($this->returnValue('foo')); - - $this->tokenStorage - ->expects($this->once()) - ->method('getToken') - ->will($this->returnValue($token)); - $this->authChecker - ->expects($this->once()) - ->method('isGranted') - ->will($this->returnValue(false)); - - $this->listener->onKernelRequest($event); - } - - public function testOnKernelRequestAccessGranted() - { - $request = new Request(); - $request->attributes->set('siteaccess', new SiteAccess('test')); - $event = new RequestEvent( - $this->createMock(HttpKernelInterface::class), - $request, - HttpKernelInterface::MASTER_REQUEST - ); - - $token = $this->createMock(TokenInterface::class); - $token - ->expects($this->any()) - ->method('getUsername') - ->will($this->returnValue('foo')); - - $this->tokenStorage - ->expects($this->once()) - ->method('getToken') - ->will($this->returnValue($token)); - $this->authChecker - ->expects($this->once()) - ->method('isGranted') - ->will($this->returnValue(true)); - - // Nothing should happen or should be returned. - $this->listener->onKernelRequest($event); - } -} - -class_alias(SecurityListenerTest::class, 'eZ\Publish\Core\MVC\Symfony\Security\Tests\EventListener\SecurityListenerTest');